X-Git-Url: http://git.indexdata.com/?p=yaz-moved-to-github.git;a=blobdiff_plain;f=src%2Ftcpip.c;h=bcee219980a8b3851a466d2803953182f0635faf;hp=4425867f3ef2f2b07f3e4b8014395a955de35be1;hb=69758252fce6231073cb288a4f5bbf8f7febc249;hpb=c6e47cbbff56f39f6d81b079ebaeac41d793d4d9
diff --git a/src/tcpip.c b/src/tcpip.c
index 4425867..bcee219 100644
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -1,8 +1,8 @@
 /*
- * Copyright (c) 1995-2003, Index Data
+ * Copyright (c) 1995-2004, Index Data
  * See the file LICENSE for details.
  *
- * $Id: tcpip.c,v 1.1 2003-10-27 12:21:35 adam Exp $
+ * $Id: tcpip.c,v 1.5 2004-04-29 21:19:23 adam Exp $
  */
 
 #include
@@ -76,8 +76,8 @@ typedef struct tcpip_state
     struct sockaddr_in addr;    /* returned by cs_straddr */
     char buf[128];              /* returned by cs_addrstr */
 #if HAVE_OPENSSL_SSL_H
-    SSL_CTX *ctx;
-    SSL_CTX *ctx_alloc;
+    SSL_CTX *ctx;       /* current CTX. */
+    SSL_CTX *ctx_alloc; /* If =ctx it is owned by CS. If 0 it is not owned */
     SSL *ssl;
 #endif
 } tcpip_state;
@@ -196,7 +196,6 @@ COMSTACK ssl_type(int s, int blocking, int protocol, void *vp)
 {
     tcpip_state *state;
     COMSTACK p;
-    yaz_log(LOG_LOG, "ssl_type begin");
 
     p = tcpip_type (s, blocking, protocol, 0);
     if (!p)
@@ -205,22 +204,10 @@ COMSTACK ssl_type(int s, int blocking, int protocol, void *vp)
     p->f_put = ssl_put;
     p->type = ssl_type;
     state = (tcpip_state *) p->cprivate;
-    if (vp)
-        state->ctx = vp;
-    else
-    {
-        SSL_load_error_strings();
-        SSLeay_add_all_algorithms();
-        state->ctx = state->ctx_alloc = SSL_CTX_new (SSLv23_method());
-        if (!state->ctx)
-        {
-            tcpip_close(p);
-            return 0;
-        }
-    }
+    state->ctx = vp;  /* may be NULL */
+
     /* note: we don't handle already opened socket in SSL mode - yet */
 
-    yaz_log(LOG_LOG, "ssl_type end");
     return p;
 }
 #endif
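Review bot: `state->ctx = vp;  /* may be NULL */` in ssl_type() assigns only ctx and leaves state->ctx_alloc as tcpip_type() left it, yet this same commit turns ctx_alloc into the ownership flag that tcpip_bind() and cs_set_ssl_ctx() test; unless tcpip_type() zero-fills cprivate (not visible here), an explicit `state->ctx_alloc = 0;  /* a caller-supplied ctx is never owned by the COMSTACK */` belongs next to that line. The comment should also say what NULL now means, since context creation moved out of this function: `/* may be NULL: tcpip_rcvconnect()/tcpip_bind() then create a CS-owned context lazily */`. The lines between the two ssl_type() hunks are not shown, so the rest of the function is outside what can be checked here.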
@@ -297,9 +284,6 @@ int tcpip_more(COMSTACK h)
 int tcpip_connect(COMSTACK h, void *address)
 {
     struct sockaddr_in *add = (struct sockaddr_in *)address;
-#if HAVE_OPENSSL_SSL_H
-    tcpip_state *sp = (tcpip_state *)h->cprivate;
-#endif
     int r;
 #ifdef __sun__
     int recbuflen;
@@ -385,6 +369,18 @@ int tcpip_rcvconnect(COMSTACK h)
         return -1;
     }
 #if HAVE_OPENSSL_SSL_H
+    if (h->type == ssl_type && !sp->ctx)
+    {
+        SSL_load_error_strings();
+        SSLeay_add_all_algorithms();
+
+        sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+        if (!sp->ctx)
+        {
+            h->cerrno = CSERRORSSL;
+            return -1;
+        }
+    }
     if (sp->ctx)
     {
         int res;
@@ -453,6 +449,18 @@ static int tcpip_bind(COMSTACK h, void *address, int mode)
 
 #if HAVE_OPENSSL_SSL_H
     tcpip_state *sp = (tcpip_state *)h->cprivate;
+    if (h->type == ssl_type && !sp->ctx)
+    {
+        SSL_load_error_strings();
+        SSLeay_add_all_algorithms();
+
+        sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
+        if (!sp->ctx)
+        {
+            h->cerrno = CSERRORSSL;
+            return -1;
+        }
+    }
     if (sp->ctx)
     {
         if (sp->ctx_alloc)
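Review bot: The lazy SSL_CTX creation added to tcpip_rcvconnect() is repeated verbatim in the tcpip_bind() hunk below; one static helper keeps the two error paths (both set CSERRORSSL and return -1) from drifting apart and gives the ownership rule (ctx_alloc == ctx) a single home. Both copies build the context with `SSLv23_method()` and no SSL_CTX_set_options() call is visible, so the lazily created context accepts whatever protocol versions that method offers; that deserves at least a comment where the helper is defined, or an explicit restriction such as SSL_OP_NO_SSLv2 if the project wants one. In tcpip_rcvconnect() `sp` is declared above the hunk, so that function begins outside what is shown.
```c
/* Create the COMSTACK-owned SSL_CTX for an ssl_type stack that was given
 * none by ssl_type().  No-op for other stack types or when ctx is already
 * set.  Returns 0 on success, -1 with h->cerrno = CSERRORSSL on failure.
 * The context comes from SSLv23_method() with default options. */
static int tcpip_ssl_ctx_init(COMSTACK h, tcpip_state *sp)
{
    if (h->type != ssl_type || sp->ctx)
        return 0;
    SSL_load_error_strings();
    SSLeay_add_all_algorithms();
    sp->ctx = sp->ctx_alloc = SSL_CTX_new (SSLv23_method());
    if (!sp->ctx)
    {
        h->cerrno = CSERRORSSL;
        return -1;
    }
    return 0;
}

/* … in tcpip_rcvconnect() and tcpip_bind(), under HAVE_OPENSSL_SSL_H,
 * replacing both copied blocks … */
    if (tcpip_ssl_ctx_init(h, sp) < 0)
        return -1;
```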
@@ -1098,3 +1106,65 @@ int static tcpip_set_blocking(COMSTACK p, int blocking)
     p->blocking = blocking;
     return 1;
 }
+
+#if HAVE_OPENSSL_SSL_H
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+    struct tcpip_state *state;
+    if (!cs || cs->type != ssl_type)
+        return 0;
+    state = (struct tcpip_state *) cs->cprivate;
+    if (state->ctx_alloc)
+        return 0;
+    state->ctx = ctx;
+    return 1;
+}
+
+void *cs_get_ssl(COMSTACK cs)
+{
+    struct tcpip_state *state;
+    if (!cs || cs->type != ssl_type)
+        return 0;
+    state = (struct tcpip_state *) cs->cprivate;
+    return state->ssl;
+}
+
+int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
+{
+    SSL *ssl = cs_get_ssl(cs);
+    if (ssl)
+    {
+        X509 *server_cert = SSL_get_peer_certificate (ssl);
+        if (server_cert)
+        {
+            BIO *bio = BIO_new(BIO_s_mem());
+            char *pem_buf;
+            /* get PEM buffer in memory */
+            PEM_write_bio_X509(bio, server_cert);
+            *len = BIO_get_mem_data(bio, &pem_buf);
+            *buf = xmalloc(*len);
+            memcpy(*buf, pem_buf, *len);
+            BIO_free(bio);
+            return 1;
+        }
+    }
+    return 0;
+}
+#else
+int cs_set_ssl_ctx(COMSTACK cs, void *ctx)
+{
+    return 0;
+}
+
+void *cs_get_ssl(COMSTACK cs)
+{
+    return 0;
+}
+
+int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
+{
+    return 0;
+}
+
+#endif
+
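Review bot: cs_get_peer_certificate_x509() never releases `server_cert`: SSL_get_peer_certificate() hands back a reference the caller owns, so every successful call leaks an X509 until an `X509_free(server_cert);` is added before returning. The same function uses `bio` without checking BIO_new() and ignores the return of PEM_write_bio_X509(), so an allocation failure dereferences NULL and an encoding failure copies an empty buffer while still reporting success. The contract is also undocumented: the PEM copy in `*buf` is not NUL-terminated, it is owned by the caller (presumably released with xfree(), the counterpart of the xmalloc() used here), and a present certificate says nothing about whether it verified, so a caller that needs an authenticated peer must still consult SSL_get_verify_result(). cs_set_ssl_ctx() refusing a replacement when ctx_alloc is set is silent (`return 0`); a header comment stating that a COMSTACK-owned context cannot be swapped out would save callers a debugging round.
```c
/* Copy the peer's certificate as PEM into *buf (*len bytes, not
 * NUL-terminated, released by the caller with xfree()).  Returns 1 on
 * success, 0 if there is no SSL session, no peer certificate, or the
 * copy failed.  A returned certificate is not thereby verified; see
 * SSL_get_verify_result(). */
int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
{
    int ret = 0;
    SSL *ssl = cs_get_ssl(cs);
    X509 *server_cert = ssl ? SSL_get_peer_certificate (ssl) : 0;
    if (server_cert)
    {
        BIO *bio = BIO_new(BIO_s_mem());
        /* get PEM buffer in memory */
        if (bio && PEM_write_bio_X509(bio, server_cert))
        {
            char *pem_buf;
            *len = BIO_get_mem_data(bio, &pem_buf);
            *buf = xmalloc(*len);
            memcpy(*buf, pem_buf, *len);
            ret = 1;
        }
        BIO_free(bio);           /* BIO_free() accepts NULL */
        X509_free(server_cert);  /* SSL_get_peer_certificate() took a reference */
    }
    return ret;
}
```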